Hercules CI blog

Agent 0.5.0 with Terraform support and simpler configuration

Robert Hensing

Oct 7, 2019
1 minute read

Last week, we’ve released agent version 0.5.0. The main theme for the release is ease of installation. Running an agent should be as simple as possible, so we made:

Follow getting started guide to set up your first agent.

If you have and you’re using the module (NixOS, NixOps, nix-darwin) the update is entirely self-explanatory. Otherwise, check the notes.

Trusted-user

The agent now relies on being a trusted-user to the Nix daemon. The agent does not allow projects to execute arbitrary Nix store operations anyway. It may improve security since it simplifies configuration and secrets handling.

The security model for the agent is simple at this point: only build git refs from your repository. This way, third-party contributors can not run arbitrary code on your agent system; only contributors with write access to the repo can.

Talking about trust, we’ll share some details about securely doing CI for Open Source with Bors soon!

Hercules CI is on a mission to make life better for everyone who writes, deploys and runs software with Nix.

Check out hercules-ci.com: the principled, Nix-native CI/CD solution.

Follow @hercules_ci

Subscribe for more blog posts

Please select the ways you would like to hear from Hercules CI:

You can unsubscribe at any time by clicking the link in the footer of our emails. For information about our privacy practices, please visit our website.

We use Mailchimp as our marketing platform. By clicking below to subscribe, you acknowledge that your information will be transferred to Mailchimp for processing. Learn more about Mailchimp's privacy practices here.